Sunbird-Ed SunbirdEd-portal Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Sunbird-Ed SunbirdEd-portal version 1.13.4. This vulnerability allows attackers to manipulate the server into making unintended requests to internal or external services, potentially leading to unauthorized access or disclosure of sensitive information.
Impact
Exploitation of this vulnerability could result in unauthorized access to internal services or sensitive information, depending on the server's request handling and the targeted services.
Reproduction
To reproduce this vulnerability, upload a malicious file through the application's file upload feature. The uploaded file should be crafted to exploit the SSRF vulnerability by making requests to internal services or resources that should not be accessible from the server.
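The check below is an added example, not code from SunbirdEd-portal or from this advisory: a defensive destination filter, written for Node.js, for any URL the server would fetch while processing user-supplied content such as an uploaded file. The function names and the list of blocked ranges are assumptions made for illustration.

```javascript
// Added example: destination check for server-side fetches. Not SunbirdEd-portal code.
const net = require('net');

// Ranges a server should not contact on a user's behalf (assumed policy).
const internal = new net.BlockList();
for (const [prefix, bits] of [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
]) internal.addSubnet(prefix, bits, 'ipv4');
internal.addAddress('::', 'ipv6');        // unspecified
internal.addAddress('::1', 'ipv6');       // loopback
internal.addSubnet('fc00::', 7, 'ipv6');  // unique local
internal.addSubnet('fe80::', 10, 'ipv6'); // link-local

// Rewrite IPv4-mapped IPv6 (::ffff:a.b.c.d or ::ffff:hhhh:hhhh) as plain IPv4
// so a mapped loopback or private address cannot slip past the IPv4 rules.
function unmap(addr) {
  const dotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(addr);
  if (dotted) return dotted[1];
  const hex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i.exec(addr);
  if (!hex) return addr;
  const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
  return [hi >> 8, hi & 255, lo >> 8, lo & 255].join('.');
}

function isInternalAddress(addr) {
  const ip = unmap(addr);
  const family = net.isIP(ip);   // 4, 6, or 0 when not an IP literal
  if (family === 0) return true; // fail closed on anything unparseable
  return internal.check(ip, family === 6 ? 'ipv6' : 'ipv4');
}

// resolvedAddrs: every address the hostname resolved to (for example from
// dns.lookup with { all: true }). The caller must connect to one of these
// exact addresses and re-run the check on each redirect.
function checkFetchTarget(rawUrl, resolvedAddrs = []) {
  let url;
  try { url = new URL(rawUrl); } catch { return 'reject: unparseable URL'; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'reject: scheme';
  // The URL parser already normalises forms such as http://2130706433/ to 127.0.0.1.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const addrs = net.isIP(host) ? [host] : resolvedAddrs;
  if (addrs.length === 0) return 'reject: no address';
  return addrs.some(isInternalAddress) ? 'reject: internal address' : 'allow';
}
```

A hostname is rejected if any one of its resolved addresses is internal, which is why the caller passes the full resolution result rather than the first answer.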
